Skip to content

fix(deps): patch CLI security advisories (CYPACK-1379)#1370

Merged
Connoropolous merged 2 commits into
mainfrom
cypack-1379
Jul 11, 2026
Merged

fix(deps): patch CLI security advisories (CYPACK-1379)#1370
Connoropolous merged 2 commits into
mainfrom
cypack-1379

Conversation

@cyrusagent

Copy link
Copy Markdown
Contributor

Assignee: @Connoropolous (connor)

Summary

  • Updates CLI-owned dependencies to patched releases where direct bumps are available.
  • Reduces the root pnpm override set to the remaining transitive advisories that upstream packages do not yet resolve naturally.
  • Regenerates pnpm-lock.yaml so pnpm audit reports zero advisories.

Verification

  • pnpm audit
  • pnpm build
  • pnpm test:packages:run
  • pnpm --filter cyrus-ai test:run
  • pnpm --filter cyrus-f1 test:run
  • pnpm typecheck
  • pnpm lint

Linear: https://linear.app/ceedar/issue/CYPACK-1379/address-open-security-patches-for-cyrus-cli


Tip: I will respond to comments that @ mention @cyrusagent on this PR. You can also submit a review with all your feedback at once, and I will automatically wake up to address each comment.

@Connoropolous Connoropolous left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the dependency-only security patch. CI is green on Node 20/22, pnpm audit reports no known vulnerabilities on the PR branch, and the manifest/lockfile changes are scoped to replacing broad overrides with direct patched dependency updates.

@Connoropolous Connoropolous merged commit d60a672 into main Jul 11, 2026
4 checks passed
@Connoropolous Connoropolous deleted the cypack-1379 branch July 11, 2026 16:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants